Blockchain Threat Intelligence

Blockchain Threat Intelligence

Share this post

Blockchain Threat Intelligence
Blockchain Threat Intelligence
BlockThreat - Week 37, 2023
Copy link
Facebook
Email
Notes
More

BlockThreat - Week 37, 2023

CoinEx | Fortress | Retool | Remitano | Remilia | Mark Cuban

Peter Kacherginsky
Sep 24, 2023
∙ Paid
3

Share this post

Blockchain Threat Intelligence
Blockchain Threat Intelligence
BlockThreat - Week 37, 2023
Copy link
Facebook
Email
Notes
More
Share

Greetings!

Multiple cryptocurrency exchanges revealed hot wallet compromises this week for more than $76,000,000 in combined losses.

CoinEx was hit the worst with $54m in losses by the North Korean Lazarus group. The exchange security team acknowledged the compromise more than 4 hours after attackers’ first transaction which was unfortunately too late.

Ripple revealed that their recent acquisition, Fortress, did in fact lose $15m of customer assets following the Retool compromise earlier this month. The compromise was attributed to a financially motivated APT called 0ktapus aka Scattered Spider. The big takeaways were don’t use the Google Authenticator backup feature and be mindful of your 3rd party integrations which can serve as gateways to your treasures.

Remitano also blamed an unidentified 3rd party service when it lost $2.7m. Were they another Retool customer? The compromise had a happy ending as most of the stolen assets were frozen by Tether thanks to a rapid community response. Remitano acknowledged the hack 20 hours later.

The last, but not least hack is Mark Cuban’s massive $870k wallet drained which could have been much worse if not for a timely transfer of remaining assets. Malware leading to private key compromise is the likely culprit.

To gain access to comprehensive vulnerability write-ups, post-mortems, exploit proof of concepts (PoCs), attacker addresses, and additional data regarding this week’s compromises, please subscribe to the premium plan below.

It’s been awhile since we covered more than a single hot wallet and private key compromises in a single week. Bad actors have clearly refocused on more traditional attack vectors such as phishing and infrastructure compromises. Smart contract exploits on the other hand resulted in under $100,000 losses. Is DeFi getting more secure triggering a renewed focus on centralized finance? We will see if the trend holds in the next few weeks. In the meantime, don’t relax your efforts to build up monitoring and incident response capabilities. You could be next.

Let’s dive into the news!

News

  • Russian and North Korean Cyberattack Infrastructure Converge: New Hacking Data Raises National Security Concerns.

  • Now defunct LocalBitcoins used in murder-for-hire scheme.

  • 11,196 Years Jail Sentence for Faruk Özer, CEO of Collapsed Turkish Crypto Exchange Thodex.

  • OneCoin co-founder Greenwood gets 20 years in US jail for fraud, money laundering.

  • Ex-Deutsche Bank Banker Poised to Plead Guilty to Crypto Fraud.

Scams

  • Twitter opsec PSA: Remove any phone numbers from your Twitter account.

  • Phishing victim sends eye-watering $4.5M in USDT to scammer.

  • NFT 'sleepdrops' have drained $11.5 million from Ethereum users.

  • USDT Approval Mining, Liquidity Mining & Sha Zhu Pans losses dashboard by tayvano. More than $340m were stolen to date.

  • TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams.

  • TikTok cryptocurrency scam promises high rewards to lure victims.

  • Pink Drainer techniques thread by Boring Security.

  • What are address poisoning attacks in crypto and how to avoid them?

Contests

  • ONLYPWNER - an EVM CTF Platform.

  • Curta 17 - Murder Mystery solution by hrkrshnn.

Media

  • Planet Money - How to launder $600 million on the internet episode dives into the Axie Infinity compromise and the rogue nation state responsible.

Research

  • How the Lazarus Group is stepping up crypto hacks and changing its tactics by Elliptic.

  • Browsing for Bugs: Finding and Reporting a $3M Bug in Premia Finance by Ayaz Mammadov, Zellic

  • Rate manipulation in Balancer Boosted Pools — technical postmortem.

  • Pump, Dump, and then What? The Long-Term Impact of Cryptocurrency Pump-and-Dump Schemes.

  • VulnSense: Efficient Vulnerability Detection in Ethereum Smart Contracts by Multimodal Learning with Graph Neural Network and Language Model.

  • Towards the Comprehensive Understanding of Mempool DoS Security in Ethereum (Work in Progress).

  • From Programming Bugs to Multimillion-Dollar Scams: An Analysis of Trapdoor Tokens on Decentralized Exchanges.

  • Intro to Smart Contract Security Auditing: Comprehensive Guide to Contract Size Checks by SlowMist.

  • A Dive into Storage Packing by Ditto.

  • Liquidation Security Checklist by bytes032.

  • How to identify and protect against routing attacks on the Lightning Network by Jagjit Singh.

  • Solidity's CREATE3 Opcode: A Comprehensive Guide by btk.

  • How to optimize your gas consumption without getting REKT Part 1 and Part 2 by Netanel.

  • Collection of ZK security reviews by nullity00.


Enjoy reading BlockThreat? Consider sponsoring the next edition or becoming a paid subscriber to unlock the premium section with detailed information on hacks, vulnerability, indicators, special reports, and searchable newsletter archives.


Premium Content

This post is for paid subscribers

Already a paid subscriber? Sign in
© 2025 Peter Kacherginsky
Privacy ∙ Terms ∙ Collection notice
Start writingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More